This post is mainly relative to Algorithms and Optimization of Java.Please don't comment with negative criticizing statements regarding the title, this is for my own education XD.There's so much more than my full implementation to even make this thing usable.

To begin, I got bored and decided to make one I've been working on it for about 2 days so far.Not to brag but rather to give some details, it can currently handle up to 11 slots. (Numbers, Uppercase/Lowercase mixes)

Pseudo-code is an informal high-level description of the operating principle of a computer program or other algorithm.It uses the structural conventions of a programming language, but is intended for human reading rather than machine reading.

[A Quote I heard]

Quote

It's not a matter of "If the password can be brute forced", it's "how long the brute force will take."

Code Notes:The for loops will continue for a total of 11 switch statements, i removed these to keep the code short.But as you can imagine it gets lengthy and bulky while processing hundreds of thousands / millions of combinations per second.

What my main questions are:How can I optimize the method seen above.Should I use StringBuilders or not?Can I wrap my for loops into a more optimized / less repetitive way?I'm using String[] arrays for my allowed characters constants, is this efficient?I'm using a Switch() statement, is this efficient?Is anything you see unnecessary / not where it should be?Have one of these been built 'Virus Free' using Java?Is it possible for this to be processed on a GPU for faster computations?

Closing Statement:Hope somebody can help me, thanks.If a staff member finds this post 'malicious' please note there's so much more needed for this code to work due to it's state of being 'pseudo'.Thanks guys, looking forward to any feedback.

My total computations calculation seems to be a little bit off. (13 Million off sometimes)I was wondering...How would I go about calculating the total possible computations / combinations?Each slot can be up to 26 different letters so here's may attempt:

I would expect upper and lower case characters as well as underscores, exclamation marks and so on, so depending on password rules, so the combinations are 60 raised to the power of the password length - more in fact as the passwords typicaly can be different lengths.

Well, I've got multiple arrays for that type of stuff XD.(Sorry to turn this into a code snippet thread)

I'm currently trying to achieve calculating the total computations/combinations for the 26 letter (lowercase alphabet) array[] first.After I can calculate that properly I'll create / adapt methods to calculate the total based off of the target_array[]s length. (See code below)

Here's what I have at the moment, hoping these arrays will prove useful for someone who's not wanting to hand write them.I googled to find my first premade 'Alphabet array' than made the other arrays based off of it.

But, I meant as far as my computations calculation is it correct?It doesn't seem to be correct according to:calc.opensecurityresearch.comIt's saying a 6 letter password only using lowercase letters could take 321,272,406 computations.Where as my estimated total (calculate with the method seen 2 posts above) said: 308,915,776.

You build a string, store it in an array for no obvious reason, and then compare it to another string. What does this accomplish?

Normally when people talk about brute forcing a password, what they're actually doing is enumerating passwords by brute force, hashing them, and comparing the hash with a target value. The most efficient way of approaching it then depends on the structure of the hash, although if it has a block length of more than the passwords you're processing then there's unlikely to be much benefit in caching intermediate results. If there's no benefit in caching results and you're not using a statistical model of most likely passwords then the easiest way to enumerate them is to count in a suitable base.

You build a string, store it in an array for no obvious reason, and then compare it to another string. What does this accomplish?

Hey thanks, there's no need to store the computation if it isn't going to return true with the computation needed, discard it and keep moving

I don't know if you've programmed one of these before lol.If you haven't programmed one without recursion (I have no idea how I thought about programming this, just figured id go aaa, aab, aac and hey it worked!) you'll find yourself doing it like I'm doing at first. (No salt / no hash)Enter a password, text your algorithm.

If I wanted to implement hashing and salting etc I could, I'm actually deciding to do something with this project so It's version 0.4 at the moment.

lol, my version turned out around 23 times faster than the guy who posted his version of it in java with recursion.Everywhere I read, recursions usually the first and best option.I'm sorry, half the time when I'm writing code I don't understand what I'm writing, there's a complex chunk of machine code that needs to be written XD and I actually figured this one out so.. I'm happy.

Maybe the code's just not comprehend-able due to the unnecessary object creation / checking etc.Sorry for the long reply

I don't know if you've programmed one of these before lol.If you haven't programmed one without recursion (I have no idea how I thought about programming this, just figured id go aaa, aab, aac and hey it worked!) you'll find yourself doing it like I'm doing at first. (No salt / no hash)

I've written enumerations of various combinatorial structures. One useful question to ask yourself is: can I define a canonical order such that there's a straightforward next() method? In this case, the canonical order is fairly straightforward, so the question is: given "prabkqdtxczz" how would I create the next string, "prabkqdtxdaa"?

I really don't understand what your goal is with this, but i have some tips. If you really mean the "Brute" in the "Brute force", then stop using the StringBuffer, and switch to raw byte[]-s instead. Also stop creating a "new" object in the middle of the loop. You could also unroll those loops to a single loop, and increase the indices in the byte[] yourself.

Ahh never mind, this makes no sense. You are probably just trying to make some benchmark that is heavy on loops and memory.

My implementation of this which was literally 'thought out line by line' is just a few hundred milliseconds slower than the C# recursion.Mind you mine involves no recursion.

I found the C# implementations for brute forcing on some college PDF.I'll be doing some more benchmarking on the C# recursion implementation translated to java Vs. my current implementation of long for loops today

I was stunned to find that PDF!Than see that my 264 lines of code (Processes any password up to 11 slots) could be wrapped into 6 lines of code with something called 'recursion', and it handles unlimited password lengths LOL

@VeaR:Thanks for the feedback mate, this program was literally thought up overnight.If you can find a version like mine where the recursion is literally hand programmed and it works, let me know XDRegarding unnecessary object creation and transferring to byte[]-s instead of using a String Buffer thanks.That's the type of feedback I was hoping to get

I've written enumerations of various combinatorial structures. One useful question to ask yourself is: can I define a canonical order such that there's a straightforward next() method? In this case, the canonical order is fairly straightforward, so the question is: given "prabkqdtxczz" how would I create the next string, "prabkqdtxdaa"?

I explained the algorithm mate:#1: Start with: prabkqdtxczz#2: Next up is: prabkqdtxdaa#3: After that is: prabkqdtxdab#4: After that is: prabkqdtxdacetc.

Here's a somewhat in depth explanation:On #1 it will detect the z in the last slot.It will treat that z as the last slot in the alphabet array.If it is the last slot in the alphabet[] array (which it is) it will -1 in the password index (move back one slot), change the z to the beginning element of the alphabet[] array.Next it will detect the z 1 slot before the slot we just changed from z to a.Since the second to last slot we're dealing with here is also a z.. basically repeat the process we performed for the last z.(Change the z to a, -1 in the password index, process it from a-z)

Hope it makes sense mate, it's a algorithm.Kind of hard to explain them :/

Program one, or run one of the C# implementations i translated to Java and you will see how it comes up with its computations.(You'll have to implement printing out the current computation as it's not added in the examples above)

So you go through each password possibility one by one? In Python I programmed something like this that went through each possibility one by one and it seemed like it would have taken days to finish, even though it was just a lot of for loops. Is Java really that much faster than Python or is there some serious optimization going on?

Here's in depth explanation:On #1 it will detect the z in the last slot.It will treat that z as the last slot in the alphabet array.If it is the last slot in the alphabet[] array (which it is) it will -1 in the password index (move back one slot), change the z to the beginning element of the alphabet[] array.Next it will detect the z 1 slot before the slot we just changed from z to a.Since the second to last slot we're dealing with is also a z basically repeat the process we performed for the last z.(Change the z to a, -1 in the password index, process it from a-z)

Exactly. No recursion, and handles any length of string without adding an extra loop. Much more legible than the code you posted, and probably faster.

By the way, do you patronise everyone who tries to help you using the Socratic method?

By the way, do you patronise everyone who tries to help you using the Socratic method?

Quote

The Socratic method (also known as method of elenchus, elenctic method, Socratic irony, or Socratic debate), named after the classical Greek philosopher Socrates, is a form of inquiry and debate between individuals with opposing viewpoints based on asking and answering questions to stimulate critical thinking and to illuminate ideas. It is a dialectical method, often involving an oppositional discussion in which the defense of one point of view is pitted against the defense of another; one participant may lead another to contradict himself in some way, thus strengthening the inquirer's own point

I don't really understand you mate.

It seems like you didn't understand what I was posting.So I posted some code, that didn't help. So I posted the whole code, that didn't help. So I posted a in depth explanation.

And I get accused of patronizing lolz.

I'm sorry man, I wasn't trying to be-little you if that's how you took it.You didn't seem to understand it how the program was coming up with its computations... so I attempted to explain it to you.

I believe he was saying that my questions were Socratic method and that you saying "unless you're being a smart ass" is patronizing those who use it (me, apparently). He was not saying that your explanations weren't enough.

I believe he was saying that my questions were Socratic method and that you saying "unless you're being a smart ass" is patronizing those who use it (me, apparently). He was not saying that your explanations weren't enough.

What I meant by unless you're being a smart ass was:I didn't understand if your positive reply "Sammidysam" was filled with sarcasm etc, so i asked if it was.

I'm sorry, my reply was right below your reply I thought that was enough to signify it was @ you (Even responded to your remark).Next time I'll add @Username: before addressing someone with a remark so people don't get confused XDMy baaad.

I'm sorry. I didn't understand the post and then responded to what I thought it meant when I didn't know. I didn't mean to ruin your thread at all. I'm really sorry.

@Sammidysam:Oh no you're fine mate.Literally just about every legit thread I make someone accuses me of being a smart ass, or accuses me of involving 'indirect criticism'.All I do is post source code, rate games, publish games and help newbies on JGO.

java-gaming.org is not responsible for the content posted by its members, including references to external websites,
and other references that may or may not have a relation with our primarily
gaming and game production oriented community.
inquiries and complaints can be sent via email to the info‑account of the
company managing the website of java‑gaming.org